FBI agent explains how easy it is to ID people posting AI porn without consent

2026-05-26 · Source: AI - Ars Technica · Field: Legal & Regulatory — Criminal Law & Public Safety, Regulatory Affairs & Government Relations, Compliance & Risk Management · Depth: Fundamental Awareness, short

Summary

The FBI recently arrested two men, Arturo Hernandez (20) and Cornelius "Neil" Shannon (51), under the Take It Down Act (TIDA) for allegedly posting and selling nonconsensual AI-generated sexualized deepfakes. Hernandez is accused of uploading 113 albums, viewed nearly a million times, featuring approximately 50 women, including public figures and high school acquaintances. Investigators identified him through geo-location data, a linked PayPal account, and an IP address matching his iCloud records. Shannon allegedly published 360 albums, viewed over 2 million times, depicting about 90 women, primarily public figures. His identification was simplified by using his own photo as a profile picture, cross-referenced with DMV records. Both face up to two years in prison. Concurrently, the FTC warned 12 "nudify" toolmakers and major platforms like Amazon, Google, and X to implement 48-hour content removal processes for TIDA violations, threatening civil penalties of up to \$53,088 per violation.

Key takeaway

For legal professionals advising clients on digital content liability, understand that law enforcement's ability to identify individuals behind nonconsensual AI deepfakes is demonstrably high, even with attempts at anonymity. Your clients operating online platforms must implement robust 48-hour content removal processes for TIDA violations to avoid significant civil penalties of up to \$53,088 per infraction. Advise them to prioritize compliance and proactive monitoring.

Key insights

Law enforcement can readily identify individuals posting nonconsensual AI deepfakes using digital footprints and public records.

Principles

• Digital footprints, including IP addresses and linked accounts, are key to identification.
• Publicly available information like profile photos can quickly link online identities to real individuals.
• Legal frameworks like TIDA empower authorities to pursue creators and platforms.

Method

Investigators linked online accounts to real identities by cross-referencing IP addresses with cloud service logs, analyzing linked payment accounts, and using public profile pictures with DMV records.

In practice

• Cross-reference IP addresses with cloud service logs for user identification.
• Analyze linked payment accounts (e.g., PayPal) to unmask anonymous profiles.
• Use public profile pictures and social media connections for identity verification.

Topics

• Take It Down Act
• Nonconsensual Deepfakes
• AI Pornography
• Digital Forensics
• FTC Enforcement
• Online Platform Liability

Best for: CTO, VP of Engineering/Data, Executive, Legal Professional, Policy Maker, AI Ethicist

Related on AIssential

• Non-consensual AI porn doesn’t violate privacy – but it’s still wrong — Generative AI fuels deepfake pornography, exposing legal gaps and raising complex ethical questions beyond privacy violations.
• New IT Rules Target AI Deepfakes What Does It Mean? — New IT rules in India enable rapid content takedowns by officers, raising concerns about due process and deepfake detection capabilities.
• YouTube is expanding its AI deepfake detection tool to all adult users — YouTube's AI deepfake detection tool for adult users raises significant biometric data privacy concerns.
• We URGENTLY need a federal law forbidding AI from impersonating humans — Advanced deepfake and AI mimicry tools necessitate urgent federal laws to prevent "counterfeit people" and related scams.
• Privacy Regulators in 61 Countries Back Enforcement Against AI Deepfakes — Global privacy regulators are coordinating enforcement against AI-generated nonconsensual intimate imagery under existing privacy laws.
• The Download: deepfake porn’s stolen bodies and AI sharing private numbers — AI advancements introduce complex ethical and privacy challenges alongside technological progress.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by AI - Ars Technica.